software installed on suspect computers could be considered breaking section 3 of Computer Misuse Act, by altering data..

lack of clarity from authorities, Article 8 Human Rights Act, scope of states power must be disclosed and made clear what authorities will or won’t use ..

William Hague, who speaks for the government on computer security issues, said: “Any export of goods that could be used for internal repression is something we would want to stop” .. He also admitted the law governing software exports was a grey area ..”

Her second Reith lecture of 2011, the former director-general of the British Security Service (MI5), Eliza Manningham-Buller, discusses policy priorities since 9/11. She reflects on the Arab Spring, and argues that the West’s support of authoritarian regimes did, to some extent, fuel the growth of al-Qaeda.

“.. As part of the UK Government’s investment in cyber security, a consortium comprising the IISP (Institute of Information Security Professionals), CREST (Council for Registered Ethical Security Testers) and Royal Holloway’s Information Security Group (ISG) has been appointed by CESG to provide certification for UK Government Information Assurance (IA) professionals. The consortium has been awarded a licence to issue the CESG Certified Professional Mark based on the IISP Skills Framework, as part of a certification scheme driven by CESG, the IA arm of GCHQ ..

step forward in professionalising key Information Assurance roles needed by the public sector. It is also an important development along the path of securing the UK against cyber attack and protecting government and individuals’ data. CESG looks forward to continuing close co-operation with the IISP, CREST and Royal Holloway in delivering this IA Certification Service ..”

” This is a review (“the review”) conducted at the request of and for the Lord Chief Justice, prompted by concerns as to the operation of the disclosure regime contained in the Criminal Procedure and Investigations Act 1996, as amended (“the CPIA”). ”

Review of Disclosure in Criminal Proceedings (Judiciary of England and Wales)
The Rt Hon. Lord Justice Gross
September 2011

The United Kingdom Accreditation Service (UKAS) accredits against ISO 17025 and ISO 17020 and this is seen as an integral part of the quality framework and an expectation for those supplying forensic science services.

ISO 17025 can be applied to accredit any general laboratory and ASCLD-LAB, special purpose forensic laboratories.

Digital forensics is also key in implementing and maintaining an effective information security management system (ISMS) as specified by the ISO27001.

Control A.13.2.3 of the ISO 27001 Standard requires: in the event of a security incident any evidence presented in a criminal or civil action against an individual or company must fully conform to all relevant legislation. While this requirement is fairly obvious, it is crucial to the success of the legal process that the digital evidence is collected as accurately and reliably as possible.

The best practice as defined in clause 13.2.3 of the ISO 27002 Code of Practice (not a management standard, only best practice, cannot be accredited) recommends the preparation of an investigation procedure which includes the forensic collection of digital evidence together with the originals of all documents and witness details.

All such plans are major contributors to ensuring conformance to Clause 7.3 of the ISO 27001 Standard on preventative action which is of course essential to the maintenance of the ISMS continual process improvement.